Merge branch 'ekms-next-steps' into 'main'

First working draft version

See merge request !9

.vscode/launch.json

+{
+    // Verwendet IntelliSense zum Ermitteln möglicher Attribute.
+    // Zeigen Sie auf vorhandene Attribute, um die zugehörigen Beschreibungen anzuzeigen.
+    // Weitere Informationen finden Sie unter https://go.microsoft.com/fwlink/?linkid=830387
+    "version": "0.2.0",
+    "configurations": [
+        {
+            "name": "Launch file",
+            "type": "go",
+            "request": "launch",
+            "mode": "debug",
+            "program": "${workspaceFolder}",
+            "args": ["-selftesting", "false"], 
+        },
+    ]
+}
\ No newline at end of file

LICENSE

+BSD 3-Clause License
+
+Copyright (c) 2023, da/net Research Group
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+   list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its
+   contributors may be used to endorse or promote products derived from
+   this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

README.md

@@ -4,6 +4,16 @@ This is a prototypically Key Management System (KMS) for Quantum Key Distributio
 
 It uses, by now, an emulation of a quantum link to exchange random numbers between neighboring quantum network elements.
 
+**Note well** _This is not intended to be used in production environments, neither in networks that can be reached by everybody, nor in other uncontrolled settings._
+
+# Acknowledgements
+
+This prototypically Key Management System (KMS) has been developed in the [DemoQuanDT](https://www.forschung-it-sicherheit-kommunikationssysteme.de/projekte/demoquandt) project ("Quantenschlüsselaustausch im deutschen Telekommunikationsnetz für höhere IT-Sicherheit", engl. quantum key exchange in the german telecommunications network for higher IT security). 
+
+The DemoQuanDT project is funded by the german ministry of education and research ([BMBF](https://www.bmbf.de)). 
+
+<img src="./figures/BMBF_gefoerdert_2017_en.jpg" alt= "Logo of the BMBF" width="20%">
+
 ## Implementation of the Quantum Layer
 
 ### Pseudo Random Number Generator (PRNG) based Emulation
@@ -28,6 +38,48 @@ First, rand is used to generate the amount of random numbers `numRands`and then
 
 A quantum layer link peer is the communication partner on a point-to-point link. One has to generate a new peer in the quantum layer in order to communicate with the peer. 
 
+# Interfaces to the proto-kms
+
+## Interface to the Quantum Layer
+
+This interface is solely a go API within the proto-kms. 
+
+## Inter-KMS Communication
+
+This interface is required for the communication between the peering KMS in order to coordinate their actions for key selection and key forwardwing path configuration. This is in *interkmsproto*.
+
+## ETSI-Interfaces 
+
+There are basically two ETSI interfaces, i.e., 
+ - ETSI QKD GS 14 for retrieval of keys by an external entity from the kms
+ - ETSI QKD GS 15 for the configuration of the key forwarding process and peers of the kms
+
+ However, at this point of this, both interfaces are lumped together in one gRPC interface *kmsetsiproto*.
+
+### Encryption Key Retrieval Interface
+
+### SDN Controller (ETSI GS QKD 15)
+
+
+# Interactions (AKA Flowcharts)
+
+```mermaid 
+sequenceDiagram
+QKDNC->>KMS1: ETSIGetQuantumInterfaces()
+loop 
+    KMS1->>KMS1: range es.handlingEkms.QuantumElements
+end
+KMS1-->>QKDNC: List QuantumInterfaces
+QKDNC->>KMS1: ETSIAddKMSPeer(KMS2)
+KMS1-->>QKDNC: KMSPeer added
+KMS1->>KMS2: InterComCapabilities()
+KMS2->>KMS1: InterComCapabilitiesReply
+QKDNC->>KMS1: AddSession() NOTIMPLYET
+KMS1->>KMS2: InterComKeyTransportSessionHandling()
+KMS2->>KMS1: InterComKeyTransportSessionHandlingReply
+KMS1-->>QKDNC: SessionReply NOTIMPLYET
+
+```
 
 
 

api/buf.gen.yaml

+version: v1
+managed:
+  enabled: true
+  go_package_prefix:
+    default: code.fbi.h-da.de/demoquandt/proto-kms/gen/proto/go
+plugins:
+  - plugin: buf.build/grpc/go
+    out: gen/proto/go
+    opt:
+      - paths=source_relative
+  - plugin: buf.build/protocolbuffers/go
+    out: gen/proto/go
+    opt:
+      - paths=source_relative

api/buf.work.yaml

+version: v1
+directories:
+    - kmsetsi
+    - kmsintercom

api/gen/proto/go/kmsetsi/kmsetsiproto_grpc.pb.go

+// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.3.0
+// - protoc             (unknown)
+// source: kmsetsi/kmsetsiproto.proto
+
+package kmsetsi
+
+import (
+	context "context"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+)
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+// Requires gRPC-Go v1.32.0 or later.
+const _ = grpc.SupportPackageIsVersion7
+
+const (
+	KmsETSI_ETSICapabilities_FullMethodName         = "/kmsetsi.KmsETSI/ETSICapabilities"
+	KmsETSI_ETSIGetQuantumInterfaces_FullMethodName = "/kmsetsi.KmsETSI/ETSIGetQuantumInterfaces"
+	KmsETSI_ETSIAddKMSPeer_FullMethodName           = "/kmsetsi.KmsETSI/ETSIAddKMSPeer"
+	KmsETSI_ETSIRemoveKMSPeer_FullMethodName        = "/kmsetsi.KmsETSI/ETSIRemoveKMSPeer"
+	KmsETSI_ETSIGetPeerList_FullMethodName          = "/kmsetsi.KmsETSI/ETSIGetPeerList"
+	KmsETSI_ETSIGetEncryptKeys256Bit_FullMethodName = "/kmsetsi.KmsETSI/ETSIGetEncryptKeys256Bit"
+)
+
+// KmsETSIClient is the client API for KmsETSI service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+type KmsETSIClient interface {
+	// Sends a greeting
+	ETSICapabilities(ctx context.Context, in *ETSICapabilitiesRequest, opts ...grpc.CallOption) (*ETSICapabilitiesReply, error)
+	ETSIGetQuantumInterfaces(ctx context.Context, in *ETSIKMSQuantumInterfaceListRequest, opts ...grpc.CallOption) (*ETSIKMSQuantumInterfaceListReply, error)
+	ETSIAddKMSPeer(ctx context.Context, in *ETSIKMSPeerRequest, opts ...grpc.CallOption) (*ETSIKMSPeerReply, error)
+	ETSIRemoveKMSPeer(ctx context.Context, in *ETSIKMSPeerRequest, opts ...grpc.CallOption) (*ETSIKMSPeerReply, error)
+	ETSIGetPeerList(ctx context.Context, in *ETSIKMSPeerListRequest, opts ...grpc.CallOption) (*ETSIKMSPeerListReply, error)
+	ETSIGetEncryptKeys256Bit(ctx context.Context, in *ETSIGetEncryptKeys256BitRequest, opts ...grpc.CallOption) (*ETSIGetEncryptKeys256BitReply, error)
+}
+
+type kmsETSIClient struct {
+	cc grpc.ClientConnInterface
+}
+
+func NewKmsETSIClient(cc grpc.ClientConnInterface) KmsETSIClient {
+	return &kmsETSIClient{cc}
+}
+
+func (c *kmsETSIClient) ETSICapabilities(ctx context.Context, in *ETSICapabilitiesRequest, opts ...grpc.CallOption) (*ETSICapabilitiesReply, error) {
+	out := new(ETSICapabilitiesReply)
+	err := c.cc.Invoke(ctx, KmsETSI_ETSICapabilities_FullMethodName, in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *kmsETSIClient) ETSIGetQuantumInterfaces(ctx context.Context, in *ETSIKMSQuantumInterfaceListRequest, opts ...grpc.CallOption) (*ETSIKMSQuantumInterfaceListReply, error) {
+	out := new(ETSIKMSQuantumInterfaceListReply)
+	err := c.cc.Invoke(ctx, KmsETSI_ETSIGetQuantumInterfaces_FullMethodName, in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *kmsETSIClient) ETSIAddKMSPeer(ctx context.Context, in *ETSIKMSPeerRequest, opts ...grpc.CallOption) (*ETSIKMSPeerReply, error) {
+	out := new(ETSIKMSPeerReply)
+	err := c.cc.Invoke(ctx, KmsETSI_ETSIAddKMSPeer_FullMethodName, in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *kmsETSIClient) ETSIRemoveKMSPeer(ctx context.Context, in *ETSIKMSPeerRequest, opts ...grpc.CallOption) (*ETSIKMSPeerReply, error) {
+	out := new(ETSIKMSPeerReply)
+	err := c.cc.Invoke(ctx, KmsETSI_ETSIRemoveKMSPeer_FullMethodName, in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *kmsETSIClient) ETSIGetPeerList(ctx context.Context, in *ETSIKMSPeerListRequest, opts ...grpc.CallOption) (*ETSIKMSPeerListReply, error) {
+	out := new(ETSIKMSPeerListReply)
+	err := c.cc.Invoke(ctx, KmsETSI_ETSIGetPeerList_FullMethodName, in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *kmsETSIClient) ETSIGetEncryptKeys256Bit(ctx context.Context, in *ETSIGetEncryptKeys256BitRequest, opts ...grpc.CallOption) (*ETSIGetEncryptKeys256BitReply, error) {
+	out := new(ETSIGetEncryptKeys256BitReply)
+	err := c.cc.Invoke(ctx, KmsETSI_ETSIGetEncryptKeys256Bit_FullMethodName, in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// KmsETSIServer is the server API for KmsETSI service.
+// All implementations must embed UnimplementedKmsETSIServer
+// for forward compatibility
+type KmsETSIServer interface {
+	// Sends a greeting
+	ETSICapabilities(context.Context, *ETSICapabilitiesRequest) (*ETSICapabilitiesReply, error)
+	ETSIGetQuantumInterfaces(context.Context, *ETSIKMSQuantumInterfaceListRequest) (*ETSIKMSQuantumInterfaceListReply, error)
+	ETSIAddKMSPeer(context.Context, *ETSIKMSPeerRequest) (*ETSIKMSPeerReply, error)
+	ETSIRemoveKMSPeer(context.Context, *ETSIKMSPeerRequest) (*ETSIKMSPeerReply, error)
+	ETSIGetPeerList(context.Context, *ETSIKMSPeerListRequest) (*ETSIKMSPeerListReply, error)
+	ETSIGetEncryptKeys256Bit(context.Context, *ETSIGetEncryptKeys256BitRequest) (*ETSIGetEncryptKeys256BitReply, error)
+	mustEmbedUnimplementedKmsETSIServer()
+}
+
+// UnimplementedKmsETSIServer must be embedded to have forward compatible implementations.
+type UnimplementedKmsETSIServer struct {
+}
+
+func (UnimplementedKmsETSIServer) ETSICapabilities(context.Context, *ETSICapabilitiesRequest) (*ETSICapabilitiesReply, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method ETSICapabilities not implemented")
+}
+func (UnimplementedKmsETSIServer) ETSIGetQuantumInterfaces(context.Context, *ETSIKMSQuantumInterfaceListRequest) (*ETSIKMSQuantumInterfaceListReply, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method ETSIGetQuantumInterfaces not implemented")
+}
+func (UnimplementedKmsETSIServer) ETSIAddKMSPeer(context.Context, *ETSIKMSPeerRequest) (*ETSIKMSPeerReply, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method ETSIAddKMSPeer not implemented")
+}
+func (UnimplementedKmsETSIServer) ETSIRemoveKMSPeer(context.Context, *ETSIKMSPeerRequest) (*ETSIKMSPeerReply, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method ETSIRemoveKMSPeer not implemented")
+}
+func (UnimplementedKmsETSIServer) ETSIGetPeerList(context.Context, *ETSIKMSPeerListRequest) (*ETSIKMSPeerListReply, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method ETSIGetPeerList not implemented")
+}
+func (UnimplementedKmsETSIServer) ETSIGetEncryptKeys256Bit(context.Context, *ETSIGetEncryptKeys256BitRequest) (*ETSIGetEncryptKeys256BitReply, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method ETSIGetEncryptKeys256Bit not implemented")
+}
+func (UnimplementedKmsETSIServer) mustEmbedUnimplementedKmsETSIServer() {}
+
+// UnsafeKmsETSIServer may be embedded to opt out of forward compatibility for this service.
+// Use of this interface is not recommended, as added methods to KmsETSIServer will
+// result in compilation errors.
+type UnsafeKmsETSIServer interface {
+	mustEmbedUnimplementedKmsETSIServer()
+}
+
+func RegisterKmsETSIServer(s grpc.ServiceRegistrar, srv KmsETSIServer) {
+	s.RegisterService(&KmsETSI_ServiceDesc, srv)
+}
+
+func _KmsETSI_ETSICapabilities_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ETSICapabilitiesRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(KmsETSIServer).ETSICapabilities(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: KmsETSI_ETSICapabilities_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(KmsETSIServer).ETSICapabilities(ctx, req.(*ETSICapabilitiesRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _KmsETSI_ETSIGetQuantumInterfaces_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ETSIKMSQuantumInterfaceListRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(KmsETSIServer).ETSIGetQuantumInterfaces(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: KmsETSI_ETSIGetQuantumInterfaces_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(KmsETSIServer).ETSIGetQuantumInterfaces(ctx, req.(*ETSIKMSQuantumInterfaceListRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _KmsETSI_ETSIAddKMSPeer_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ETSIKMSPeerRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(KmsETSIServer).ETSIAddKMSPeer(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: KmsETSI_ETSIAddKMSPeer_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(KmsETSIServer).ETSIAddKMSPeer(ctx, req.(*ETSIKMSPeerRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _KmsETSI_ETSIRemoveKMSPeer_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ETSIKMSPeerRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(KmsETSIServer).ETSIRemoveKMSPeer(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: KmsETSI_ETSIRemoveKMSPeer_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(KmsETSIServer).ETSIRemoveKMSPeer(ctx, req.(*ETSIKMSPeerRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _KmsETSI_ETSIGetPeerList_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ETSIKMSPeerListRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(KmsETSIServer).ETSIGetPeerList(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: KmsETSI_ETSIGetPeerList_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(KmsETSIServer).ETSIGetPeerList(ctx, req.(*ETSIKMSPeerListRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _KmsETSI_ETSIGetEncryptKeys256Bit_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ETSIGetEncryptKeys256BitRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(KmsETSIServer).ETSIGetEncryptKeys256Bit(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: KmsETSI_ETSIGetEncryptKeys256Bit_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(KmsETSIServer).ETSIGetEncryptKeys256Bit(ctx, req.(*ETSIGetEncryptKeys256BitRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+// KmsETSI_ServiceDesc is the grpc.ServiceDesc for KmsETSI service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var KmsETSI_ServiceDesc = grpc.ServiceDesc{
+	ServiceName: "kmsetsi.KmsETSI",
+	HandlerType: (*KmsETSIServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "ETSICapabilities",
+			Handler:    _KmsETSI_ETSICapabilities_Handler,
+		},
+		{
+			MethodName: "ETSIGetQuantumInterfaces",
+			Handler:    _KmsETSI_ETSIGetQuantumInterfaces_Handler,
+		},
+		{
+			MethodName: "ETSIAddKMSPeer",
+			Handler:    _KmsETSI_ETSIAddKMSPeer_Handler,
+		},
+		{
+			MethodName: "ETSIRemoveKMSPeer",
+			Handler:    _KmsETSI_ETSIRemoveKMSPeer_Handler,
+		},
+		{
+			MethodName: "ETSIGetPeerList",
+			Handler:    _KmsETSI_ETSIGetPeerList_Handler,
+		},
+		{
+			MethodName: "ETSIGetEncryptKeys256Bit",
+			Handler:    _KmsETSI_ETSIGetEncryptKeys256Bit_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "kmsetsi/kmsetsiproto.proto",
+}

api/gen/proto/go/kmsintercom/kmsintercom.pb.go

+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.31.0
+// 	protoc        (unknown)
+// source: kmsintercom/kmsintercom.proto
+
+package kmsintercom
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// Capabilities
+// The request message containing the requesting kms' name.
+type InterComCapabilitiesRequest struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	MyKmsName string `protobuf:"bytes,1,opt,name=myKmsName,proto3" json:"myKmsName,omitempty"`
+}
+
+func (x *InterComCapabilitiesRequest) Reset() {
+	*x = InterComCapabilitiesRequest{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_kmsintercom_kmsintercom_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *InterComCapabilitiesRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*InterComCapabilitiesRequest) ProtoMessage() {}
+
+func (x *InterComCapabilitiesRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_kmsintercom_kmsintercom_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use InterComCapabilitiesRequest.ProtoReflect.Descriptor instead.
+func (*InterComCapabilitiesRequest) Descriptor() ([]byte, []int) {
+	return file_kmsintercom_kmsintercom_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *InterComCapabilitiesRequest) GetMyKmsName() string {
+	if x != nil {
+		return x.MyKmsName
+	}
+	return ""
+}
+
+// The response message containing the replying kms' name.
+type InterComCapabilitiesReply struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	PeerKmsName string `protobuf:"bytes,1,opt,name=peerKmsName,proto3" json:"peerKmsName,omitempty"`
+}
+
+func (x *InterComCapabilitiesReply) Reset() {
+	*x = InterComCapabilitiesReply{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_kmsintercom_kmsintercom_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *InterComCapabilitiesReply) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*InterComCapabilitiesReply) ProtoMessage() {}
+
+func (x *InterComCapabilitiesReply) ProtoReflect() protoreflect.Message {
+	mi := &file_kmsintercom_kmsintercom_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use InterComCapabilitiesReply.ProtoReflect.Descriptor instead.
+func (*InterComCapabilitiesReply) Descriptor() ([]byte, []int) {
+	return file_kmsintercom_kmsintercom_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *InterComCapabilitiesReply) GetPeerKmsName() string {
+	if x != nil {
+		return x.PeerKmsName
+	}
+	return ""
+}
+
+// KeyTransportSessionHandling
+// The request message containing the requesting kms' name.
+type InterComKeyTransportSessionHandlingRequest struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	RequestedKey string `protobuf:"bytes,1,opt,name=requestedKey,proto3" json:"requestedKey,omitempty"`
+}
+
+func (x *InterComKeyTransportSessionHandlingRequest) Reset() {
+	*x = InterComKeyTransportSessionHandlingRequest{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_kmsintercom_kmsintercom_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *InterComKeyTransportSessionHandlingRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*InterComKeyTransportSessionHandlingRequest) ProtoMessage() {}
+
+func (x *InterComKeyTransportSessionHandlingRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_kmsintercom_kmsintercom_proto_msgTypes[2]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use InterComKeyTransportSessionHandlingRequest.ProtoReflect.Descriptor instead.
+func (*InterComKeyTransportSessionHandlingRequest) Descriptor() ([]byte, []int) {
+	return file_kmsintercom_kmsintercom_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *InterComKeyTransportSessionHandlingRequest) GetRequestedKey() string {
+	if x != nil {
+		return x.RequestedKey
+	}
+	return ""
+}
+
+// The response message containing the replying kms' name.
+type InterComKeyTransportSessionHandlingReply struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	UsedKey string `protobuf:"bytes,1,opt,name=usedKey,proto3" json:"usedKey,omitempty"`
+}
+
+func (x *InterComKeyTransportSessionHandlingReply) Reset() {
+	*x = InterComKeyTransportSessionHandlingReply{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_kmsintercom_kmsintercom_proto_msgTypes[3]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *InterComKeyTransportSessionHandlingReply) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*InterComKeyTransportSessionHandlingReply) ProtoMessage() {}
+
+func (x *InterComKeyTransportSessionHandlingReply) ProtoReflect() protoreflect.Message {
+	mi := &file_kmsintercom_kmsintercom_proto_msgTypes[3]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use InterComKeyTransportSessionHandlingReply.ProtoReflect.Descriptor instead.
+func (*InterComKeyTransportSessionHandlingReply) Descriptor() ([]byte, []int) {
+	return file_kmsintercom_kmsintercom_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *InterComKeyTransportSessionHandlingReply) GetUsedKey() string {
+	if x != nil {
+		return x.UsedKey
+	}
+	return ""
+}
+
+var File_kmsintercom_kmsintercom_proto protoreflect.FileDescriptor
+
+var file_kmsintercom_kmsintercom_proto_rawDesc = []byte{
+	0x0a, 0x1d, 0x6b, 0x6d, 0x73, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f, 0x6d, 0x2f, 0x6b, 0x6d,
+	0x73, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f, 0x6d, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12,
+	0x0b, 0x6b, 0x6d, 0x73, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f, 0x6d, 0x22, 0x3b, 0x0a, 0x1b,
+	0x49, 0x6e, 0x74, 0x65, 0x72, 0x43, 0x6f, 0x6d, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69,
+	0x74, 0x69, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x6d,
+	0x79, 0x4b, 0x6d, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09,
+	0x6d, 0x79, 0x4b, 0x6d, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0x3d, 0x0a, 0x19, 0x49, 0x6e, 0x74,
+	0x65, 0x72, 0x43, 0x6f, 0x6d, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x69, 0x65,
+	0x73, 0x52, 0x65, 0x70, 0x6c, 0x79, 0x12, 0x20, 0x0a, 0x0b, 0x70, 0x65, 0x65, 0x72, 0x4b, 0x6d,
+	0x73, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x70, 0x65, 0x65,
+	0x72, 0x4b, 0x6d, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0x50, 0x0a, 0x2a, 0x49, 0x6e, 0x74, 0x65,
+	0x72, 0x43, 0x6f, 0x6d, 0x4b, 0x65, 0x79, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74,
+	0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x69, 0x6e, 0x67, 0x52,
+	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x22, 0x0a, 0x0c, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73,
+	0x74, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x72, 0x65,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x22, 0x44, 0x0a, 0x28, 0x49, 0x6e,
+	0x74, 0x65, 0x72, 0x43, 0x6f, 0x6d, 0x4b, 0x65, 0x79, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f,
+	0x72, 0x74, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x69, 0x6e,
+	0x67, 0x52, 0x65, 0x70, 0x6c, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x75, 0x73, 0x65, 0x64, 0x4b, 0x65,
+	0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x75, 0x73, 0x65, 0x64, 0x4b, 0x65, 0x79,
+	0x32, 0x91, 0x02, 0x0a, 0x09, 0x4b, 0x6d, 0x73, 0x54, 0x61, 0x6c, 0x6b, 0x65, 0x72, 0x12, 0x6a,
+	0x0a, 0x14, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x43, 0x6f, 0x6d, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69,
+	0x6c, 0x69, 0x74, 0x69, 0x65, 0x73, 0x12, 0x28, 0x2e, 0x6b, 0x6d, 0x73, 0x69, 0x6e, 0x74, 0x65,
+	0x72, 0x63, 0x6f, 0x6d, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x43, 0x6f, 0x6d, 0x43, 0x61, 0x70,
+	0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x69, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+	0x1a, 0x26, 0x2e, 0x6b, 0x6d, 0x73, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f, 0x6d, 0x2e, 0x49,
+	0x6e, 0x74, 0x65, 0x72, 0x43, 0x6f, 0x6d, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74,
+	0x69, 0x65, 0x73, 0x52, 0x65, 0x70, 0x6c, 0x79, 0x22, 0x00, 0x12, 0x97, 0x01, 0x0a, 0x23, 0x49,
+	0x6e, 0x74, 0x65, 0x72, 0x43, 0x6f, 0x6d, 0x4b, 0x65, 0x79, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70,
+	0x6f, 0x72, 0x74, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x69,
+	0x6e, 0x67, 0x12, 0x37, 0x2e, 0x6b, 0x6d, 0x73, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f, 0x6d,
+	0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x43, 0x6f, 0x6d, 0x4b, 0x65, 0x79, 0x54, 0x72, 0x61, 0x6e,
+	0x73, 0x70, 0x6f, 0x72, 0x74, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x48, 0x61, 0x6e, 0x64,
+	0x6c, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x35, 0x2e, 0x6b, 0x6d,
+	0x73, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f, 0x6d, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x43,
+	0x6f, 0x6d, 0x4b, 0x65, 0x79, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x53, 0x65,
+	0x73, 0x73, 0x69, 0x6f, 0x6e, 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x70,
+	0x6c, 0x79, 0x22, 0x00, 0x42, 0xaf, 0x01, 0x0a, 0x0f, 0x63, 0x6f, 0x6d, 0x2e, 0x6b, 0x6d, 0x73,
+	0x69, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f, 0x6d, 0x42, 0x10, 0x4b, 0x6d, 0x73, 0x69, 0x6e, 0x74,
+	0x65, 0x72, 0x63, 0x6f, 0x6d, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x3e, 0x63, 0x6f,
+	0x64, 0x65, 0x2e, 0x66, 0x62, 0x69, 0x2e, 0x68, 0x2d, 0x64, 0x61, 0x2e, 0x64, 0x65, 0x2f, 0x64,
+	0x65, 0x6d, 0x6f, 0x71, 0x75, 0x61, 0x6e, 0x64, 0x74, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d,
+	0x6b, 0x6d, 0x73, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f,
+	0x2f, 0x6b, 0x6d, 0x73, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f, 0x6d, 0xa2, 0x02, 0x03, 0x4b,
+	0x58, 0x58, 0xaa, 0x02, 0x0b, 0x4b, 0x6d, 0x73, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f, 0x6d,
+	0xca, 0x02, 0x0b, 0x4b, 0x6d, 0x73, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f, 0x6d, 0xe2, 0x02,
+	0x17, 0x4b, 0x6d, 0x73, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x6f, 0x6d, 0x5c, 0x47, 0x50, 0x42,
+	0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x0b, 0x4b, 0x6d, 0x73, 0x69, 0x6e,
+	0x74, 0x65, 0x72, 0x63, 0x6f, 0x6d, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_kmsintercom_kmsintercom_proto_rawDescOnce sync.Once
+	file_kmsintercom_kmsintercom_proto_rawDescData = file_kmsintercom_kmsintercom_proto_rawDesc
+)
+
+func file_kmsintercom_kmsintercom_proto_rawDescGZIP() []byte {
+	file_kmsintercom_kmsintercom_proto_rawDescOnce.Do(func() {
+		file_kmsintercom_kmsintercom_proto_rawDescData = protoimpl.X.CompressGZIP(file_kmsintercom_kmsintercom_proto_rawDescData)
+	})
+	return file_kmsintercom_kmsintercom_proto_rawDescData
+}
+
+var file_kmsintercom_kmsintercom_proto_msgTypes = make([]protoimpl.MessageInfo, 4)
+var file_kmsintercom_kmsintercom_proto_goTypes = []interface{}{
+	(*InterComCapabilitiesRequest)(nil),                // 0: kmsintercom.InterComCapabilitiesRequest
+	(*InterComCapabilitiesReply)(nil),                  // 1: kmsintercom.InterComCapabilitiesReply
+	(*InterComKeyTransportSessionHandlingRequest)(nil), // 2: kmsintercom.InterComKeyTransportSessionHandlingRequest
+	(*InterComKeyTransportSessionHandlingReply)(nil),   // 3: kmsintercom.InterComKeyTransportSessionHandlingReply
+}
+var file_kmsintercom_kmsintercom_proto_depIdxs = []int32{
+	0, // 0: kmsintercom.KmsTalker.InterComCapabilities:input_type -> kmsintercom.InterComCapabilitiesRequest
+	2, // 1: kmsintercom.KmsTalker.InterComKeyTransportSessionHandling:input_type -> kmsintercom.InterComKeyTransportSessionHandlingRequest
+	1, // 2: kmsintercom.KmsTalker.InterComCapabilities:output_type -> kmsintercom.InterComCapabilitiesReply
+	3, // 3: kmsintercom.KmsTalker.InterComKeyTransportSessionHandling:output_type -> kmsintercom.InterComKeyTransportSessionHandlingReply
+	2, // [2:4] is the sub-list for method output_type
+	0, // [0:2] is the sub-list for method input_type
+	0, // [0:0] is the sub-list for extension type_name
+	0, // [0:0] is the sub-list for extension extendee
+	0, // [0:0] is the sub-list for field type_name
+}
+
+func init() { file_kmsintercom_kmsintercom_proto_init() }
+func file_kmsintercom_kmsintercom_proto_init() {
+	if File_kmsintercom_kmsintercom_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_kmsintercom_kmsintercom_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*InterComCapabilitiesRequest); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_kmsintercom_kmsintercom_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*InterComCapabilitiesReply); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_kmsintercom_kmsintercom_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*InterComKeyTransportSessionHandlingRequest); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_kmsintercom_kmsintercom_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*InterComKeyTransportSessionHandlingReply); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_kmsintercom_kmsintercom_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   4,
+			NumExtensions: 0,
+			NumServices:   1,
+		},
+		GoTypes:           file_kmsintercom_kmsintercom_proto_goTypes,
+		DependencyIndexes: file_kmsintercom_kmsintercom_proto_depIdxs,
+		MessageInfos:      file_kmsintercom_kmsintercom_proto_msgTypes,
+	}.Build()
+	File_kmsintercom_kmsintercom_proto = out.File
+	file_kmsintercom_kmsintercom_proto_rawDesc = nil
+	file_kmsintercom_kmsintercom_proto_goTypes = nil
+	file_kmsintercom_kmsintercom_proto_depIdxs = nil
+}

api/gen/proto/go/kmsintercom/kmsintercom_grpc.pb.go

+// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.3.0
+// - protoc             (unknown)
+// source: kmsintercom/kmsintercom.proto
+
+package kmsintercom
+
+import (
+	context "context"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+)
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+// Requires gRPC-Go v1.32.0 or later.
+const _ = grpc.SupportPackageIsVersion7
+
+const (
+	KmsTalker_InterComCapabilities_FullMethodName                = "/kmsintercom.KmsTalker/InterComCapabilities"
+	KmsTalker_InterComKeyTransportSessionHandling_FullMethodName = "/kmsintercom.KmsTalker/InterComKeyTransportSessionHandling"
+)
+
+// KmsTalkerClient is the client API for KmsTalker service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+type KmsTalkerClient interface {
+	InterComCapabilities(ctx context.Context, in *InterComCapabilitiesRequest, opts ...grpc.CallOption) (*InterComCapabilitiesReply, error)
+	InterComKeyTransportSessionHandling(ctx context.Context, in *InterComKeyTransportSessionHandlingRequest, opts ...grpc.CallOption) (*InterComKeyTransportSessionHandlingReply, error)
+}
+
+type kmsTalkerClient struct {
+	cc grpc.ClientConnInterface
+}
+
+func NewKmsTalkerClient(cc grpc.ClientConnInterface) KmsTalkerClient {
+	return &kmsTalkerClient{cc}
+}
+
+func (c *kmsTalkerClient) InterComCapabilities(ctx context.Context, in *InterComCapabilitiesRequest, opts ...grpc.CallOption) (*InterComCapabilitiesReply, error) {
+	out := new(InterComCapabilitiesReply)
+	err := c.cc.Invoke(ctx, KmsTalker_InterComCapabilities_FullMethodName, in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *kmsTalkerClient) InterComKeyTransportSessionHandling(ctx context.Context, in *InterComKeyTransportSessionHandlingRequest, opts ...grpc.CallOption) (*InterComKeyTransportSessionHandlingReply, error) {
+	out := new(InterComKeyTransportSessionHandlingReply)
+	err := c.cc.Invoke(ctx, KmsTalker_InterComKeyTransportSessionHandling_FullMethodName, in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// KmsTalkerServer is the server API for KmsTalker service.
+// All implementations must embed UnimplementedKmsTalkerServer
+// for forward compatibility
+type KmsTalkerServer interface {
+	InterComCapabilities(context.Context, *InterComCapabilitiesRequest) (*InterComCapabilitiesReply, error)
+	InterComKeyTransportSessionHandling(context.Context, *InterComKeyTransportSessionHandlingRequest) (*InterComKeyTransportSessionHandlingReply, error)
+	mustEmbedUnimplementedKmsTalkerServer()
+}
+
+// UnimplementedKmsTalkerServer must be embedded to have forward compatible implementations.
+type UnimplementedKmsTalkerServer struct {
+}
+
+func (UnimplementedKmsTalkerServer) InterComCapabilities(context.Context, *InterComCapabilitiesRequest) (*InterComCapabilitiesReply, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method InterComCapabilities not implemented")
+}
+func (UnimplementedKmsTalkerServer) InterComKeyTransportSessionHandling(context.Context, *InterComKeyTransportSessionHandlingRequest) (*InterComKeyTransportSessionHandlingReply, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method InterComKeyTransportSessionHandling not implemented")
+}
+func (UnimplementedKmsTalkerServer) mustEmbedUnimplementedKmsTalkerServer() {}
+
+// UnsafeKmsTalkerServer may be embedded to opt out of forward compatibility for this service.
+// Use of this interface is not recommended, as added methods to KmsTalkerServer will
+// result in compilation errors.
+type UnsafeKmsTalkerServer interface {
+	mustEmbedUnimplementedKmsTalkerServer()
+}
+
+func RegisterKmsTalkerServer(s grpc.ServiceRegistrar, srv KmsTalkerServer) {
+	s.RegisterService(&KmsTalker_ServiceDesc, srv)
+}
+
+func _KmsTalker_InterComCapabilities_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(InterComCapabilitiesRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(KmsTalkerServer).InterComCapabilities(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: KmsTalker_InterComCapabilities_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(KmsTalkerServer).InterComCapabilities(ctx, req.(*InterComCapabilitiesRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _KmsTalker_InterComKeyTransportSessionHandling_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(InterComKeyTransportSessionHandlingRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(KmsTalkerServer).InterComKeyTransportSessionHandling(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: KmsTalker_InterComKeyTransportSessionHandling_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(KmsTalkerServer).InterComKeyTransportSessionHandling(ctx, req.(*InterComKeyTransportSessionHandlingRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+// KmsTalker_ServiceDesc is the grpc.ServiceDesc for KmsTalker service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var KmsTalker_ServiceDesc = grpc.ServiceDesc{
+	ServiceName: "kmsintercom.KmsTalker",
+	HandlerType: (*KmsTalkerServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "InterComCapabilities",
+			Handler:    _KmsTalker_InterComCapabilities_Handler,
+		},
+		{
+			MethodName: "InterComKeyTransportSessionHandling",
+			Handler:    _KmsTalker_InterComKeyTransportSessionHandling_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "kmsintercom/kmsintercom.proto",
+}

api/kmsetsi/kmsetsi/buf.lock

+# Generated by buf. DO NOT EDIT.
+version: v1

api/kmsetsi/kmsetsi/buf.yaml

+version: v1
+lint:
+  use:
+    - DEFAULT
+breaking:
+  use:
+    - FILE

api/kmsetsi/kmsetsi/kmsetsiproto.proto

+syntax = "proto3";
+
+package kmsetsi;
+
+service KmsETSI {
+	// Sends a greeting
+	rpc ETSICapabilities (ETSICapabilitiesRequest) returns (ETSICapabilitiesReply) {}
+  rpc ETSIGetQuantumInterfaces(ETSIKMSQuantumInterfaceListRequest) returns (ETSIKMSQuantumInterfaceListReply) {}
+  rpc ETSIAddKMSPeer(ETSIKMSPeerRequest) returns (ETSIKMSPeerReply) {}
+  rpc ETSIRemoveKMSPeer(ETSIKMSPeerRequest) returns (ETSIKMSPeerReply) {}
+  rpc ETSIGetPeerList(ETSIKMSPeerListRequest) returns (ETSIKMSPeerListReply) {}
+  rpc ETSIGetEncryptKeys256Bit (ETSIGetEncryptKeys256BitRequest) returns (ETSIGetEncryptKeys256BitReply) {}
+  }
+
+  // The request message containing the user's name.
+message ETSICapabilitiesRequest {
+	string myKmsName = 1;
+}
+
+  // The response message containing the greetings
+  message ETSICapabilitiesReply {
+	string peerKmsName = 1;
+}
+
+message ETSIKMSQuantumInterfaceListRequest {
+
+}
+
+// NB for myself: this be used to link QLE mit KMS-Session!
+message QuantumElementInfo {
+  uint64 qleID = 1;
+  string udpAddr = 2;
+}
+
+message ETSIKMSQuantumInterfaceListReply {
+  repeated QuantumElementInfo qlElementInfo = 1;
+}
+
+
+message ETSIKMSPeerRequest {
+  string kmsPeerSocket = 1;
+  uint32 kmsLocalQLEId = 2;
+}
+
+message ETSIKMSPeerReply {
+  string kmsPeerName  = 1;
+}
+
+message ETSIKMSPeerListRequest {
+}
+
+message ETSIKMSPeer {
+  string peerName = 1;
+  string peerStatus = 2;
+
+}
+
+message ETSIKMSPeerListReply {
+  repeated ETSIKMSPeer peer = 1;
+}
+
+message ETSIGetEncryptKeys256BitRequest {
+  int64 amount = 1;
+}
+
+/* out kms-keystore.go
+ * type kmsKSElement struct {
+ * 	  keyID string
+ *	  key   []byte // a 256 bit key
+ *  }
+ */
+
+message ETSIGetEncryptKeys256BitReply {
+  string keyID = 1;
+  bytes key = 2;
+}

api/kmsintercom/kmsintercom/buf.lock

+# Generated by buf. DO NOT EDIT.
+version: v1

api/kmsintercom/kmsintercom/buf.yaml

+version: v1
+lint:
+  use:
+    - DEFAULT
+breaking:
+  use:
+    - FILE

api/kmsintercom/kmsintercom/kmsintercom.proto

+syntax = "proto3";
+
+package kmsintercom;
+
+service KmsTalker {
+	rpc InterComCapabilities (InterComCapabilitiesRequest) returns (InterComCapabilitiesReply) {}
+	rpc InterComKeyTransportSessionHandling(InterComKeyTransportSessionHandlingRequest) returns (InterComKeyTransportSessionHandlingReply) {}
+}
+
+// Capabilities
+// The request message containing the requesting kms' name.
+message InterComCapabilitiesRequest {
+	string myKmsName = 1;
+  }
+
+// The response message containing the replying kms' name.
+message InterComCapabilitiesReply {
+	string peerKmsName= 1;
+}
+
+// KeyTransportSessionHandling
+// The request message containing the requesting kms' name.
+message InterComKeyTransportSessionHandlingRequest {
+	string requestedKey = 1;
+  }
+
+// The response message containing the replying kms' name.
+message InterComKeyTransportSessionHandlingReply {
+	string usedKey = 1;
+}

go.mod

-module code.fbi.h-da.de/m.stiemerling/proto-kms
+module code.fbi.h-da.de/danet/proto-kms
 
 go 1.20
 
-require github.com/google/uuid v1.3.0
+require (
+	github.com/google/uuid v1.3.0
+	google.golang.org/grpc v1.56.2
+	google.golang.org/protobuf v1.31.0
+)
+
+require (
+	github.com/golang/protobuf v1.5.3 // indirect
+	golang.org/x/net v0.9.0 // indirect
+	golang.org/x/sys v0.7.0 // indirect
+	golang.org/x/text v0.9.0 // indirect
+	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
+)

go.sum

+github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
+github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+golang.org/x/net v0.9.0 h1:aWJ/m6xSmxWBx+V0XRHTlrYrPG56jKsLdTFmsSsCzOM=
+golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
+golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU=
+golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
+golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A=
+google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU=
+google.golang.org/grpc v1.56.2 h1:fVRFRnXvU+x6C4IlHZewvJOVHoOv1TUuQyoRsYnB4bI=
+google.golang.org/grpc v1.56.2/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s=
+google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
+google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=

kms/grpcurl-sheet.md

+# Info for testing with grpcurl
+
+https://github.com/fullstorydev/grpcurl
+
+### 
+
+'grpcurl -d '{"myKmsName" : "grpcurl"}' --import-path ./kmsetsiproto --proto kmsetsiproto.proto  --plaintext localhost:50900  kmsetsiproto.KmsETSI.ETSICapabilities
+{  "peerKmsName": "whatever"}'
+
+'grpcurl -d '{"kmsPeerSocket" : "127.0.0.1:50901"}' --import-path ./kmsetsiproto --proto kmsetsiproto.proto  --plaintext localhost:50900  kmsetsiproto.KmsETSI.ETSIAddKMSPeer'
\ No newline at end of file

kms/kms-keystore.go

+package kms
+
+import (
+	"errors"
+	"fmt"
+	"log"
+	"sync"
+
+	"code.fbi.h-da.de/danet/proto-kms/quantumlayer"
+)
+
+type kmsKS interface {
+	KeyChopper256Bit(bulkKey *quantumlayer.QuantumLayerBulkKey) (err error)
+	addKey(int64, [8]byte)
+}
+
+// holds a single ready to use 256 bit key
+type kmsKSElement struct {
+	keyID string
+	key   []byte // a 256 bit key
+}
+
+type kmsKeyStore struct {
+	keyStoreMutex sync.Mutex
+	keyStore      map[string]*kmsKSElement
+}
+
+func (ks *kmsKeyStore) addKey(bulkKeyId int64, keyToadd []byte) {
+	newKeyElement := kmsKSElement{}
+
+	//generate keyID out of bulkKeyId and has of keyToadd
+	newKeyElement.keyID = fmt.Sprintf("%x.%x", bulkKeyId, keyToadd)
+	newKeyElement.key = keyToadd
+
+	ks.keyStoreMutex.Lock()
+	defer ks.keyStoreMutex.Unlock()
+	// test for collisions
+	if _, notThere := ks.keyStore[newKeyElement.keyID]; notThere {
+		log.Printf("Whop: addKey collission of key id %s for bulkKeyID %d", newKeyElement.keyID, bulkKeyId)
+		return
+	}
+	// ok to add
+	ks.keyStore[newKeyElement.keyID] = &newKeyElement
+
+}
+
+// Takes a bulk of keys and chops them in 256bit keys each
+// Any remainder is discarded
+func (ks *kmsKeyStore) KeyChopper256Bit(bulkKey *quantumlayer.QuantumLayerBulkKey) (err error) {
+	if bulkKey.BulkKeyLength != len(*bulkKey.BulkKey) {
+		err = errors.New("bulkKey length mismatch")
+		return err
+	}
+
+	// Let's chop!
+	key := *bulkKey.BulkKey
+	for len(key) > 32 {
+		tmpkey := key[:32]
+		ks.addKey(bulkKey.BulkKeyId, tmpkey)
+		// shorten the key storage
+		key = key[32:]
+	}
+	return nil
+}